from django.shortcuts import render, redirect
from django.contrib.auth.hashers import make_password, check_password
from . import models
import hashlib


# Create your views here.
def index(request):
    return render(request, 'index.html')

def login(request):
    if request.method == 'GET':
        # 用户初次进入展示登录表单
        return render(request, 'login.html')
    elif request.method == 'POST':
        context = {
            'message': ''
        }
        # 用户提交表单
        username = request.POST.get('username')
        password = request.POST.get('password')

        # 验证账户名密码
        user = models.User.objects.filter(name=username).first()
        if user:
            if _hash_password(password) == user.hash_password:
            # if user.passwrd == password:
                context['message'] = '登录成功'
                # 服务器设置sessionid和其它用户信息.sessiond(服务器给访问他的浏览器的身份证)自动生成的
                request.session['is_login'] = True
                request.session['username'] = user.name
                request.session['userid'] = user.id
                return redirect('/index/')
                # 返回的响应中包含set-cookie(sessionid='dsxdsdxc'),浏览器收到响应后会把sessionid存到cookie中。
            else:
                context['message'] = '密码不正确'
                return render(request, 'login.html', context=context)
        else:
            context['message'] = '未注册'
        return render(request, 'login.html', context=context)


def register(request):
    if request.method == 'GET':
        # 注册表单
        return render(request, 'register.html')
    elif request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        email = request.POST.get('email')
        # 简单后端表单验证（正则最合适）
        # if not (username.strip() and password.strip() and email.strip()):
        #     return render('register', context={'message': '某个字段为空'})
        # if len(username) > 20 or len(password) > 20:
        #     print('用户名或密码长度不能超过20')

        # 写数据库
        user = models.User.objects.filter(email=email).first()
        if user:
            return render(request, 'register.html', context={'message': '用户已注册'})
        # 'insert into login_user (name, password email) values (%s, %s, %s)' % ('', '', '',)

        # 加密密码
        hash_password = _hash_password(password)

        # 写数据库
        try:
            user = models.User(name=username, passwrd=password, hash_password=hash_password, email=email)
            user.save()
            return render(request, 'login.html', context={'message': '注册成功，请继续登录'})
        except Exception as e:
            print('保存失败', e)  # 比起用render，最好redirect加flash
            return redirect('/register')



def logout(request):
    """ 登出 """

    # 清除session 登出
    request.session.flush()     # 清除此用户sessionid对应的所有sessiondata
    # del request.session['user_id']    # 清除某个session键值
    return redirect('/index/')

def _hash_password(password):
    """ 哈希加密用户注册密码 """
    sha = hashlib.sha256()
    sha.update(password.encode(encoding='utf-8'))
    return sha.hexdigest()


# def _hash_password(password, salt='sxy'):
#     """ 哈希加密用户注册密码 加盐版 """
#     salt = ''
#     for i in range(3):
#         salt += chr(random.ran)

#     sha = hashlib.sha256()
#     sha.update((password+salt).encode(encoding='utf-8'))
#     return '$sxy$'+sha.hexdigest()



# make_password('123456')
# 'pbkdf2_sha256$120000$ENf8nL2pUwOC$YmeaRfN0nS3sXKLlfsdn8CAOJWAQc4t5OfBFmLUYVE4='
# check_password('123456', 'pbkdf2_sha256$120000$ENf8nL2pUwOC$YmeaRfN0nS3sXKLlfsdn8CAOJWAQc4t5OfBFmLUYVE4=')
# 返回为True


# # 查询数据库
# user = models.User.objects.filter(name=username, passwrd=password).first()